U.S. States Investigating Breach at Experian

By Brian Krebs
April 3, 2014
An exclusive KrebsOnSecurity investigation detailing how a unit of credit
bureau Experian ended up selling consumer records to an identity theft service
in the cybercrime underground has prompted a multi-state investigation by
several attorneys general, according to wire reports.
Reuters moved a story this afternoon quoting Illinois Attorney General Lisa
Madigan saying that ”it’s part of a multistate investigation,” and that
Connecticut Attorney General George Jepsen said that Connecticut is looking
into the matter as well.
News of the breach first came to light on this blog in October 2013, when
KrebsOnSecurity published an exclusive story detailing how a Vietnamese man
running an online identity theft service bought personal and financial records
on Americans directly from a company owned by Experian, one of the three major
U.S. credit bureaus.
Hieu Minh Ngo, a 24-year-old Vietnamese national, pleaded guilty last month to
running an identity theft service out of his home in Vietnam. Ngo was arrested
last year in Guam by U.S. Secret Service agents after he was lured into
visiting the U.S. territory to consummate a business deal with a man he
believed could deliver huge volumes of consumers’ personal and financial data
for resale.